The Spotify Heist – How Thieves Are Profiting Off Stolen Music

Spotify has its own fair share of issues since its launch. These problems range from simple frustrating UI to unusable functionality, and all the way up to the nature Spotify’s ecosystem. Yes – piracy within Spotify is as severe as it sounds, and I’m not clickbaiting.

Here’s why it matters, but first, a brief context of what’s going on. There are two separate parts to this story that are linked together, so hear me out here.

The short, TL;DR version is this: free music tracks were stolen and reuploaded and sold/streamed on multiple platforms for profit.

The Spotify Heist

I’m a user of Spotify Premium for over a year now, and actually, I can only say that throughout the entire year, I start to realize a lot of duplicates with Spotify.

One way that I truly like about Spotify is their Discover Weekly playlist where it’ll recommend new 30 songs every week. I’m not particularly sure what’s affecting the recommendation algorithm – BPM, genre, artist, language, or what’s saved in my playlists – as I’ve gotten quite a wide variety of recommended music that is situated in two ends of the spectrum within the same week.

The “stolen music” in question are duplicated uploads or songs that do not have the original artist listed.

With that said, its algorithms are sometimes a little too smart and recommended songs that I have already added into my account – which is really awkward. I’ll dive into the full details later, as I have full proof that there is clearly stolen music in Spotify that has a high chance it’s profited off of.

These two are the exact same song!

I don’t mean that people are downloading music illegally. Actually, this is much worse to some extent. I’ve heard a few great pieces of music getting uploaded by multiple different “artists”. Obviously, these “artists” took the song from the original creator and upload to Spotify as their own.

Where’s the proof that the track is stolen?

So, what’s wrong here? Well… Let’s just say that CraftyBoy didn’t create this beautiful piece of music. Joakim Karud did. I know this because I used his music on a lot of our videos in our Nasi Lemak Tech YouTube channel, and I’ve used that particular song some time ago.

Listen to CraftyBoy’s Zengo here. It has since been removed from many places on the internet. This is the only remaining site where it’s available. More on this later.

That raised another suspicion – the nitty gritty details on who, when, and where the music was uploaded to. Let’s have a quick comparison.

Artist name

Joakim Karud
(verified on Spotify)

CraftyBoy

Track name

Dreams

Zengo – Original Mix

Label

Joakim Karud

Minimal of Sound

Year published on Spotify

2016

2017

Free to download?

Yes, on The Artist Union

No, £0.69 on Amazon UK

From my investigations, it doesn’t seem like CraftyBoy is a real artist. This is the only one song I can find that’s by this person. That triggered a thought and suspicion in me – which artist in this world doesn’t want recognition? Also, CraftyBoy uploaded a year after Joakim Karud uploaded his version.

CraftyBoy made a crafty sleight of hand by cutting 2 seconds off Joakim’s song!

So the next question here is this – is CraftyBoy’s Zengo a remix of Joakim Karud’s Dreams? That will dispell all of these problems, no?
My answer to that is this – They’re exactly the same! If they’re both still available on Spotify right now, then you can verify that.

Is the thief profiting?

Is this stealing with an intent for personal benefit? I can’t say for sure, but most probably yes, since this CraftyBoy is indeed crafty enough to attempt selling the song at Amazon UK. Also, Spotify is paying in a per-stream basis to the music label too.

By the way, you and I can’t just waltz into Spotify’s website or app and upload a music for everyone to listen to. It’s a music streaming service, not a music sharing service, as it is clearly stated here by a Spotify Legend.

It’s quite difficult to know how much the thief (thieves) earned exactly, so let’s guesstimate. The track named Why We Lose by Cartoon was stolen and renamed to Downfall by Paradise. Spotify says that the stolen track was played over 500,000 times. Five hundred thousand times.

According to this chart, Spotify pays USD $0.00437 per stream – and that sums up to more than USD $2,000. This sum excludes sales from Juno Download and other streaming platforms, too.

So I went on ahead to get some of the facts right. I turned and asked the most appropriate person in regards to this case in particular – Joakim Karud himself.

Speaking to Joakim Karud himself

The man himself.

Fortunately, I got a hold of him on Twitter via DM. He is kind enough to fill me in with the details of what happened. Here’s a short summary of what he told me:

Another guy did inform Joakim that the track was stolen sometime in June

The track was actually uploaded to iTunes, Google Play, etc. I verified this, but since it has been removed from Spotify, it is slowly disappearing everywhere else too.

I expedited the issue to Spotify Malaysia (thanks for the help!) and it has been removed as of now. The stolen track is currently in “limbo” mode in Spotify – it’s not playable while the investigation is still going on. Spotify is giving a chance to the thief to defend himself.

Joakim told me that he did report the stolen track on Spotfiy. Surprisingly, there is indeed a report button – but you can’t report individual tracks. You can only report the artist.

That’s the end of this saga then? Not exactly – I’m afraid I’ve just opened a can of worms that only raises more complexity in this issue. Honestly, I’m not sure how Spotfiy can solve the issue. Does having an official artist channel like VEVO channels on YouTube solve anything? 🤔

But wait… there’s more stolen music!

So the dust has settled… for now. That particular track has been removed. Well, one out of many more out there by the same person (or group), actually. I got a link to Juno Download, a music marketplace. It has an interesting feature – to display all music that’s published by only one particular music label name.

There were more stolen tracks by the same person (or group)!

Here’s where I saw a lot of music artwork with the same design template as CraftyBoy’s. A dark yellow background with an Earth and a radio tower at the center top. That’s rather interesting… Perhaps they’re uploaded by the same people behind CraftyBoy? But I’m not sure if they’re stolen. If they are stolen, I don’t know the original track name and artist, too.

Then I had a eureka moment – why not just let Shazam do all the work for me?

Tracking down the original tracks and artists

Juno Download has a “track preview” feature which I can use Shazam to listen to it, and let it do all the hard work for me. Thus, I devised a plan. These were the steps I took to make out this entire table:

Head over to Juno Download and filter out all of those entries there with the same album artwork as CraftyBoy’s Zengo.

Preview the track from Juno Download and use Shazam to listen to it.

Pray that Shazam leads me to the original song (or at least a clue).

Search whatever Shazam showed me on Spotify, YouTube, etc.

Verify if Juno Download’s track and the original artists’ track are the same.

Compare the release dates

Alas, our long time investigation leads to this humongous table here. I’ve tracked down a total of 8 tracks on Juno Download that has the same album artwork as CraftyBoy’s Zengo – the dark yellow background with an Earth logo and a radio tower up top. There were actually 8 entries, as Zengo was removed after I busted them.

Things got weird when I scanned some music using Shazam and it actually displayed the stolen music as the result instead of the original artist’s song. Some results shown on Shazam were totally unrelated too.

Take Exhibit 4 for example. Shazam showed me that the song is We Go To Fly (yes, wrong grammar) by Guelmi. Exhibit 5 showed that the song is Ghost by Fazli Olmez. Surely, Shazam isn’t perfect either – but it led me to the correct song in the end.

This heist pulled off by Minimal of Sound seems to be targeting NoCopyrightSounds (NCS) Ltd. in particular. In the past, there was a similar case like this happened to glue70‘s iconic track, Casin.

I’m not quite sure how the thief (or thieves) actually successfully uploaded the duplicate on Spotify.

The aftermath

Firstly, this is a big issue. Music piracy is an age-old issue, but rarely profiting off of pirated music. The difference here is between music sharing and music stealing-and-selling.

The main point of this entire post is to highlight that such things exist, and it’s a real issue. It even poses a threat to Spotify’s credibility as a platform for music streaming.

The world of music is rather convoluted

Anyone with a record label can upload tracks to Spotify – even unverified artists like CraftyBoy here. Such act of thievery where music is pirated and reuploaded will only run more rampant over the coming months. I did raise the idea to of something like a waveform comparator to find out if an exact same music has been reuploaded. Joakim told me one thing which is a huge issue – “same track can be released by different labels in different territories for example”.

This will be the continuation of the battle between music producers and pirates – again. The war continues. This time, I don’t think DRM is the solution.

We don’t have any idea on how the framework for Spotify is built, thus unable to suggest any solutions for this issue. Whatever it is though, Spotify really needs to take this seriously.